PT-2010-5159 · Eucalyptus · Eucalyptus
Published: 2010-12-22 · Updated: 2017-08-17 · CVE-2010-3905
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Eucalyptus versions 2.0.0 through 2.0.1
Description
The issue concerns the password reset feature in the administrator interface, which fails to perform authentication. This allows remote attackers to send password reset requests for other users, potentially gaining privileges.
Recommendations
To prevent unauthorized access on Eucalyptus versions 2.0.0 and 2.0.1, consider disabling the password reset feature in the administrator interface until a fix is available.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Eucalyptus